Generating an SSH public key

Before you are able to SSH to sign in to your web server or to connect to your Git code repository, you must have an SSH private/public key pair.

Key requirements

Acquia Cloud requires that your SSH public key must be at least 4096 bits.

All websites that require Payment Card Industry Data Security Standard (PCI DSS) compliance must be in an Acquia PCI DSS-compliant product offering. To meet PCI DSS requirements, all users must use multi-factor authentication for remote access to their PCI DSS environment. When you connect to an Acquia Cloud environment using SSH, you use your SSH key as one authentication factor. To comply with PCI DSS, you must use a passphrase with your SSH key to provide a second authentication factor. You can add a passphrase when you create your key pair. For more information about PCI compliance on Acquia Cloud, see the Compliance with standards and regulations.

Methods for generating a key pair

To generate an SSH private/public key pair for your use, you can use one of the following methods: Acquia Dev Desktop or ssh-keygen.

Acquia Dev Desktop

Using Acquia Dev Desktop (free download) for your local application development provides you with an additional advantage—creation of an SSH private/public key pair for your application by clicking a button.

After you install Acquia Dev Desktop, see Generating an SSH key to learn how to create an SSH key and then register it with Acquia Cloud.


You can also use the ssh-keygen command from the command line to generate an SSH private/public key pair.


If you are using Windows, you may not have access to the ssh-keygen command. To use this command, you can download and install Git for Windows, and then use the Bash shell to follow the remaining instructions in this section.

To generate an SSH private/public key pair using the ssh-keygen command, complete the following steps:

  1. Open a shell or command-line window on your computer.

  2. Ensure that you do not already have a public key saved to your computer. To do this, run the following command:

    cd ~/.ssh ls -l

    If the directory and key file exists, run the following commands to back up the key id_rsa, as this procedure overwrites your current key if it is named id_rsa.

    mkdir key_backup mv id_rsa* key_backup
  3. Generate a new public/private key pair using the keygen command:

    ssh-keygen -b 4096

    The keygen command prompts you for the directory to contain the key.

    Generating public/private rsa key pair. Enter file in which to save the
    key (/Users/[user_dir]/.ssh/id_rsa):

    Press the Enter key to accept the default location of /.ssh/id_rsa in your user directory.

    Enter passphrase (empty for no passphrase): [passphrase] Enter same
    passphrase again: [passphrase]

    Substitute [passphrase] with your own text. This is for encrypting the private key on your computer. It is possible to use a blank passphrase, but if you do this, another user can impersonate you with a copy of the key file.


    Be sure to keep track of the passphrase because you will need to enter it when you use the key.

    The keygen command displays the following output:

    Generating public/private rsa key pair. Your identification has been saved
    in /Users/[user_dir]/.ssh/id_rsa. Your public key has been saved in
    /Users/[user_dir]/.ssh/ The key fingerprint is:
    52:96:e9:c8:06:c2:57:26:6d:ef:2f:0c:d9:81:f4:1c [email protected]
  4. Copy the key to your clipboard. To simplify the process, macOS users can execute the following command to copy the key from the file to your clipboard:

    pbcopy < ~/.ssh/

    Alternatively, using your favorite text editor, you can open the ~/.ssh/ file, and then copy the contents of the file manually.


    Copy the key exactly without adding newlines or whitespace.

After you create and obtain the key, you can add the public key to your Acquia user profile in Acquia Cloud.

Contact supportStill need assistance? Contact Acquia Support

Acquia: Think Ahead

53 State Street, 10th Floor
Boston, MA 02109
United States
Phone: 888-922-7842

Map: Google Maps
View other locations